<?php
include('upload.inc.php');

switch($epage) {
    default;
        if($_SERVER["REQUEST_METHOD"] == "POST") {
            $title = $_POST['title'];
            $summary = $_POST['summary'];
            $body = $_POST['body'];
            $feed = $_POST['feed'];
            $fixedId = $_POST['id'];

            if($_POST['addmenu'] == "") {
                $menuHide = '1';
            }
            else {
                $menuHide = '0';
            }

            if(strlen($title) > 3 && strlen($summary) > 3) {
                if(!empty($epage)) {
                    $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                    $query = $connect->query("UPDATE pages SET title ='".$title."', summary ='".$summary."', body ='".$body."', feed ='".$feed."' WHERE pageid =".$epage."");
                    $query2 = $connect->query("UPDATE menu SET hidden ='".$menuHide."' WHERE id =".$epage."");
                    header("location:../../../page/$page/article/$epage");
                    $query->close();
                    $connect->close();
                }
                elseif(empty($epage)) {
                    $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                    $query = $connect->query("INSERT INTO pages (title, pageid, date, summary, body) VALUES ('".$title."', '".$fixedId."', NOW(), '".$summary."', '".$body."')");
                    $query2 = $connect->query("INSERT INTO menu (id, name, hidden) VALUES ('$fixedId', '$title', '$menuHide')");
                    header("location:../../../page/1/home");
                    $query->close();
                    $query2->close();
                    $connect->close();
                }
            }

            print('<p>Please fill in all required fields.</p>');
        }

        else {
            $title = $row->title;
            $category = $row->category;
            $tags = strtolower($row->tags);
            $thumb = $row->thumb;
            $summary = $row->summary;
            $gallery = $row->gallery;
            $body = $row->body;
            $links = $row->links;
        }
        break;

    case "2"; //news
        if($_SERVER["REQUEST_METHOD"] == "POST") {
            $title = $_POST['title'];
            $category = $_POST['category'];
            $tags = strtolower($_POST['tags']);
            $thumb = $_POST['thumb'];
            $summary = $_POST['summary'];
            $gallery = $_POST['gallery'];
            $body = $_POST['body'];

            if($_POST['headline'] == "") {
                $headeline = "0";
            }
            else {
                $headline = "1";
            }

            if($_POST['draft'] == "") {
                $draft = "0";
            }
            else {
                $draft = "1";
            }

            if($_POST['featured'] == "") {
                $featured = "0";
            }
            else {
                $featured = "1";
            }

            $links = $_POST['links'];

            if(strlen($title) > 3 && strlen($summary) > 3 && strlen($body) > 3) {
                if(!empty($article)) {
                    $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                    $query = $connect->query("UPDATE posts SET title ='".$title."', category ='".$category."', tags='".$tags."', thumb ='".$thumb."', summary ='".$summary."', gallery ='".$gallery."', body ='".$body."', headline ='".$headline."', featured ='".$featured."', draft ='".$draft."', links ='".$links."' WHERE id =".$article."");
                    header("location:../../../page/$page/article/$article");
                    $query->close();
                    $connect->close();
                }
                elseif(empty($article)) {
                    $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                    $query = $connect->query("INSERT INTO posts (title, category, tags, thumb, author, time, summary, gallery, body, headline, featured, draft, links) VALUES ('".$title."', '".$category."', '".$tags."', '".$thumb."', '".$_SESSION['username']."', NOW(), '".$summary."', '".$gallery."', '".$body."', '".$headline."', '".$featured."', '".$draft."', '".$links."')");
                    header("location:../../../");
                    $query->close();
                    $connect->close();
                }
            }

            print('<p>Please fill in all required fields.</p>');
        }

        else {
            $title = $row->title;
            $category = $row->category;
            $tags = strtolower($row->tags);
            $thumb = $row->thumb;
            $summary = $row->summary;
            $gallery = $row->gallery;
            $body = $row->body;
            $links = $row->links;
        }
        break;

    case "7"; //profile
        if($_SERVER["REQUEST_METHOD"] == "POST") {
            $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
            $profession = mysqli_real_escape_string ($connect, $_POST['profession']);
            if(isset($profession)) {
                if(!empty($profession)) {
                    $profession = $profession;
                }
                else {
                    return false;
                }
            }
            $os = mysqli_real_escape_string ($connect, $_POST['os']);
            if(isset($os)) {
                if(!empty($os)) {
                    $os = $os;
                }
                else {
                    return false;
                }
            }
            $avatarComment = mysqli_real_escape_string($connect, $_POST['img_comment']);
            $connect->close();

            $upload_dir = strtolower($_SESSION['username']);
            $uploadedimage = uploadimage($_FILES, $upload_dir);
            $aboutMe = $_POST['aboutme'];
            $onMind = $_POST['onMind'];
            $feed = $_POST['feed'];
            $activeAvatar = $_POST['avatarList'];
            if(isset($activeAvatar)) {
                if(!empty($activeAvatar)) {
                    $activeAvatar = $activeAvatar;
                }
                else {
                    return false;
                }
            }

            if($activeAvatar == "Default") {
                $currentAvatar = "";
            }
            else {
                $currentAvatar = $activeAvatar;
            }

            if($_POST['private'] == "") {
                $private = "0";
            }
            else {
                $private = "1";
            }

            $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
            $query = $connect->query("UPDATE users SET profession ='".$profession."', avatar='".$currentAvatar."', img_comment='".$avatarComment."', os='".$os."', aboutme='".$aboutMe."', onmind='".$onMind."', feed='".$feed."', private='".$private."' WHERE username ='".$_SESSION['username']."'");
            //       header("location:../page/page.php?page=$page&user=$user");
            $userprofile = $_SESSION['userId'];
            //        return $uploadError;
            header("location:./edit_inc.php?page=profile&user=$userprofile");
            $query->close();
            $connect->close();
            exit;
        //        else{
        //            print('<p>Please fill in all required fields.</p>');
        //        }

        }

        else {
            $profession = $row->profession;
            $os = $row->os;
            $avatar = $row->avatar;
            $avatarComment = $row->img_comment;
            $aboutMe = $row->aboutme;
        }
        break;
}
switch($pageid) {
    case "600"; //signup
        $rcptTo = $admin_email;
        $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
        $rcptFROM = mysqli_real_escape_string ($connect, $_POST['mail']);

        if($_SERVER["REQUEST_METHOD"] == "POST") {
            $user = mysqli_real_escape_string ($connect, $_POST['user']);
            $pass = mysqli_real_escape_string ($connect, $_POST['pass']);
            $pass_ver = mysqli_real_escape_string ($connect, $_POST['pass_ver']);
            $name = mysqli_real_escape_string ($connect, $_POST['name']);
            $surname = mysqli_real_escape_string ($connect, $_POST['surname']);
            $mail = mysqli_real_escape_string ($connect, $_POST['mail']);

            $checkUser = $connect->query("SELECT username FROM ".$prefix."users WHERE username = '".$_POST['user']."'");
            $checkUserRow = $checkUser->num_rows;
            $checkUser->close();
            $checkMail = $connect->query("SELECT mail FROM ".$prefix."users WHERE mail = '".$_POST['mail']."'");
            $checkMailRow = $checkMail->num_rows;
            $connect->close();

            if(empty($user) || empty($pass) || empty($name) || empty($mail)) {
                $signError = "Please fill in all required fields.";
            }
            elseif(strlen($user) < 5 || strlen($user) > 18) {
                $signError = "Terribly sorry but your username should contain no less than 5 and no more than 18 characters.";
            }
            elseif($checkUserRow > 0) {
                $signError = "This username apears to be already in use, we truly are sorry.";
            }
            elseif(strlen($pass) < 1 && strlen($name) < 1 && strlen ($mail) < 1) {
                $signError = "Please fill in valid data";
            }
            elseif($pass_ver != $pass) {
                $signError = "The two password fields do not seem to match, please check it for errors.";
            }
            elseif (strpos($mail, '@') === false || strpos($mail, '.') === false ) {
                $signError = "I'm terribly sorry but you e-mail adres appears to be incorrect.";
            }
            elseif($checkMailRow > 0) {
                $signError = "You cannot register twice on the same e-mail adress, hope you have another one.";
            }

            if(empty($signError)) {
                $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                $query = $connect->query("INSERT INTO users (username, password, joined, name, surname, mail) VALUES ('".$user."', PASSWORD('$pass'), NOW(), '".$name."', '".$surname."', '".$mail."')");
                $signError = "Congratulations! you are now a member of the Softsaurus family!<br />
                          A message will now be send to $mail to complete the paperwork.";
                $query = $connect->query("SELECT id FROM ".$prefix."users WHERE username = '".$user."'");
                $row = $query->fetch_object();
                $body = '';
                $body = 'A new user has been added to your database.'.PHP_EOL;
                $body .= 'Username: '.ucfirst($user)."\r\n";
                $body .= 'Real name: '.ucfirst($name).' '.ucfirst($surname)."\r\n";
                $body .= 'E-Mail: '.ucfirst($mail)."\r\n\r\n";

                $bodyReturn = '';
                $bodyReturn .= 'Dear '.ucfirst($name).",\r\n\r\n";
                $bodyReturn .= 'Thanks a lot for joining us and welcome on behalf of the Softsaurus community'."\r\n";
                $bodyReturn .= 'Your account has now been activated and you can login with your brand new username.'.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'Username: '.$user.''.PHP_EOL;
                $bodyReturn .= 'Password: '.$pass.''.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'Please make sure you keep your login data private'.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'TIP: start creating your own profile by clicking on the following link:'.PHP_EOL;
                $bodyReturn .= 'http://www.softsaurus.org/edit/profile/user/'.$row->id.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'We sincerely hope you enjoy our services as we strive for optimal quality.'."\r\n\r\n";
                $bodyReturn .= 'Kind regards,'."\r\n\r\n\r\n";
                $bodyReturn .= 'The Softsaurus team'."\r\n";

                mail( $rcptTo, '[MEMBER] '.ucfirst($name) , $body, 'From: "'.ucfirst($name).'" <'.$rcptFrom.'>' );
                mail( $rcptFrom, '[MEMBER] softsaurus.org' , $bodyReturn, 'From: "Softsaurus" <'.$rcptTo.'>' );
                $query->close();
                $connect->close();
            }
        }
        return $signError;
        break;

    case "contact";
        $rcptTo = $admin_email;
        $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
        $rcptFROM = mysqli_real_escape_string ($connect, $_POST['mail']);

        if($_SERVER["REQUEST_METHOD"] == "POST") {
            $user = mysqli_real_escape_string ($connect, $_POST['user']);
            $pass = mysqli_real_escape_string ($connect, $_POST['pass']);
            $pass_ver = mysqli_real_escape_string ($connect, $_POST['pass_ver']);
            $name = mysqli_real_escape_string ($connect, $_POST['name']);
            $surname = mysqli_real_escape_string ($connect, $_POST['surname']);
            $mail = mysqli_real_escape_string ($connect, $_POST['mail']);

            $checkUser = $connect->query("SELECT username FROM ".$prefix."users WHERE username = '".$_POST['user']."'");
            $checkUserRow = $checkUser->num_rows;
            $checkUser->close();
            $checkMail = $connect->query("SELECT mail FROM ".$prefix."users WHERE mail = '".$_POST['mail']."'");
            $checkMailRow = $checkMail->num_rows;
            $connect->close();

            if(empty($user) || empty($pass) || empty($name) || empty($mail)) {
                $signError = "Please fill in all required fields.";
            }
            elseif(strlen($user) < 5 || strlen($user) > 18) {
                $signError = "Terribly sorry but your username should contain no less than 5 and no more than 18 characters.";
            }
            elseif($checkUserRow > 0) {
                $signError = "This username apears to be already in use, we truly are sorry.";
            }
            elseif(strlen($pass) < 1 && strlen($name) < 1 && strlen ($mail) < 1) {
                $signError = "Please fill in valid data";
            }
            elseif($pass_ver != $pass) {
                $signError = "The two password fields do not seem to match, please check it for errors.";
            }
            elseif (strpos($mail, '@') === false || strpos($mail, '.') === false ) {
                $signError = "I'm terribly sorry but you e-mail adres appears to be incorrect.";
            }
            elseif($checkMailRow > 0) {
                $signError = "You cannot register twice on the same e-mail adress, hope you have another one.";
            }

            if(empty($signError)) {
                $connect = new mysqli(DB_HOST,DB_USER,DB_PASS,DB_NAME);
                $query = $connect->query("INSERT INTO users (username, password, joined, name, surname, mail) VALUES ('".$user."', PASSWORD('$pass'), NOW(), '".$name."', '".$surname."', '".$mail."')");
                $signError = "Congratulations! you are now a member of the Softsaurus family!<br />
                          A message will now be send to $mail to complete the paperwork.";
                $query = $connect->query("SELECT id FROM ".$prefix."users WHERE username = '".$user."'");
                $row = $query->fetch_object();
                $body = '';
                $body = 'A new user has been added to your database.'.PHP_EOL;
                $body .= 'Username: '.ucfirst($user)."\r\n";
                $body .= 'Real name: '.ucfirst($name).' '.ucfirst($surname)."\r\n";
                $body .= 'E-Mail: '.ucfirst($mail)."\r\n\r\n";

                $bodyReturn = '';
                $bodyReturn .= 'Dear '.ucfirst($name).",\r\n\r\n";
                $bodyReturn .= 'Thanks a lot for joining us and welcome on behalf of the Softsaurus community'."\r\n";
                $bodyReturn .= 'Your account has now been activated and you can login with your brand new username.'.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'Username: '.$user.''.PHP_EOL;
                $bodyReturn .= 'Password: '.$pass.''.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'Please make sure you keep your login data private'.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'TIP: start creating your own profile by clicking on the following link:'.PHP_EOL;
                $bodyReturn .= 'http://www.softsaurus.org/edit/profile/user/'.$row->id.PHP_EOL.PHP_EOL;
                $bodyReturn .= 'We sincerely hope you enjoy our services as we strive for optimal quality.'."\r\n\r\n";
                $bodyReturn .= 'Kind regards,'."\r\n\r\n\r\n";
                $bodyReturn .= 'The Softsaurus team'."\r\n";

                mail( $rcptTo, '[MEMBER] '.ucfirst($name) , $body, 'From: "'.ucfirst($name).'" <'.$rcptFrom.'>' );
                mail( $rcptFrom, '[MEMBER] softsaurus.org' , $bodyReturn, 'From: "Softsaurus" <'.$rcptTo.'>' );
                $query->close();
                $connect->close();
            }
        }
        return $signError;
        break;
}
?>
